back to article UK bank heist-by-KVM gang sent down for 24 years after nicking £1.2m

A gang has been jailed after secretly installing hardware in Barclays bank branches to control PCs and steal £1.2m. The sneaky crims hooked up a hidden KVM (keyboard, video and mouse) switch and a 3G mobile dongle to computers at two London branches. This allowed the thieves to connect to the switch over the internet, access …

COMMENTS

This topic is closed for new posts.
  1. Alister

    "This case demonstrates the sheer investigative skill we are able to apply to tackling cyber crime, as we continue working to keep London people and businesses safe from cyber criminals."

    <cough>Bullshit<cough>

    Oh, I'm sorry, did I type that out loud?

    1. Psyx

      Quite.

      I'm seeing a lot of conspiracy charges, but only one fraud charge, despite the amount of cash that was nicked. The horse had already bolted and conspiracy charges point to an inability to actually nick the bastards for what they had already taken.

      1. smudge

        And no offences under the Computer Misuse Act?

      2. John Brown (no body) Silver badge

        Conspiracy charges can lead to bigger sentences and often lead to a higher likelihood of conviction in a jury case. Conspiracy can be made to sound far worse that "simple" fraud.

        1. Immenseness
          Coat

          Say what now?

          "possessing articles for use in fraud offences"

          The list of things it is an offence to even possess seems to get longer and more vaguely sweeping by the day.

          Mine is the one with empty pockets, because you can't be too careful (although possession of pockets is probably an offence because you can keep other possessions in them)

        2. Psyx

          Why not both?

          They were planning more and they had already done some = conspiracy + fraud charges.

          It must be harder to prove someone is maybe going to do something than something they've already done... you'd think. Truth is, they effectively got away with the fraud.

  2. Justice
    Facepalm

    Dumb move.

    They should have become bankers instead.

    Then they would not only be able to fleece billions, but get a nice hefty bonus for doing it too.

  3. Arctic fox
    Windows

    Canny crooks..........

    .............and they bought Macs?*

    *Sorry boys, I just could not resist it.

    1. Lazlo Woodbine

      Re: Canny crooks..........

      "Canny crooks.......... .............and they bought Macs?*"

      They bought exclusively shiny expensive stuff, showing all the taste of a magpie...

  4. djack

    £10 - really?

    To pick this up again from the last time this story was reported ..

    Quite where can one buy a network accessible KVM device for £10??

    Ebay has plenty of connector cables for (much more expensive) IPKVM switches but I have yet to see any evidence to back up this £10 claim.

    1. chris 143

      Re: £10 - really?

      I was thinking that, the basic allows you to connect two pcs to one monitor/keyboard/mouse are about that price, but if anyone would like to link me to a proper ip kvm for less than a few hundred quid I'd be interested

      1. Yet Another Anonymous coward Silver badge

        Re: £10 - really?

        You can probably pick them up quite cheaply at your local bank, in fact they might pay you to take them away

  5. Terry 6 Silver badge

    24 Years - Nah!

    I hate it when journos give the total of sentences for a convicted gang. It's a big sounding number that actually means sod all until you divide it by the number of crooks for an average.

    1. diodesign (Written by Reg staff) Silver badge

      Re: 24 Years - Nah!

      "I hate it when journos give the total of sentences for a convicted gang"

      I almost put money on the table this comment would be posted.

      C.

      1. keithpeter Silver badge
        Windows

        Re: 24 Years - Nah!

        "I almost put money on the table this comment would be posted."

        I'm surprised your colleagues are offering odds given the match-rigging possibilities. Do they quote longer for AC comments?

        1. Matt 21

          Re: 24 Years - Nah!

          I thought there was going to be some ingenious reference to living next door to Alice.......... but there wasn't......

          1. plrndl
            Joke

            Re: 24 Years - Nah!

            Who the **** is Alice?

      2. Graham Marsden

        @diodesign Re: 24 Years - Nah!

        Well if Terry 6 hadn't posted it, I was about to.

        It's a meaningless piece of Tabloid-esque BS and whilst the Daily Fail might be happy to engage in such things because it allows middle-englanders to think "Hah! Justice has been done!" we might at least hope for an attempt at accurate reporting from El Reg.

        Or if not, perhaps we could at least introduce an El Reg Standard Unit of Time since there doesn't seem to be one.

        I'd suggest the basic unit to be the "pub lunch" (or, say, two hours), then there could be the "Eich" for longer durations (ie a period of ten days) and followed by the "Fiorina" or six years.

        As such, the whole gang was convicted with sentences amounting to four Fiorinas...

        1. ItsNotMe
          Thumb Up

          Re: @diodesign 24 Years - Nah!

          "Well if Terry 6 hadn't posted it, I was about to."

          And so was I.

        2. diodesign (Written by Reg staff) Silver badge

          Re: @diodesign Re: 24 Years - Nah!

          "It's a meaningless piece of Tabloid-esque BS"

          It's not. IMHO. It's something I can fit in a headline. I've got limited characters for the head; at least appreciate it wasn't in the intro and you were given as many details as I could spare in the copy without boring everyone.

          "we might at least hope for an attempt at accurate reporting from El Reg."

          We've accurately reported the sentences. We must do for legal reasons.

          As for the figure in the title, no headline writer outside the Guardian backbench is going to agree with you, I'm sorry.

          C.

          1. Terry 6 Silver badge

            Re: @diodesign 24 Years - Nah!

            "I almost put money on the table this comment would be posted."

            Which kind of proves my point. Even you knew it was a duff piece of journo gibberish.

            But you still perpetrated it.

      3. BlueGreen
        Pint

        Re: 24 Years - Nah!

        > I almost put money on the table this comment would be posted.

        Descended to gonzo now?

        (sorry, had to. Have a ------------------------------------------>)

  6. Anonymous Coward
    Anonymous Coward

    So this KVM device allows them to operate the keyboard and mouse and see what they are doing? Either one of these criminals has worked for Barclays or they had somebody on the inside. First of all they would have needed a username and password to login or unlock the computer. And they would have required some knowledge of the branch IT systems - they would not be intuitive to use by outsiders.

    1. Cynic_999

      They would not necessarily have needed any insider knowledge. They would have been able to watch how the bank staff used the PC without giving away their presence and so learned how it worked, and only entered their fraudulent data when the machine was left logged in but unattended - perhaps with an accomplice inside the bank who had a view of the PC in question or even lured the staff member away from the PC long enough for the remote criminal to do what was needed.

  7. Anonymous Coward
    Anonymous Coward

    Greedy muppets

    If I'd have nicked six figures worth I'd have scarpered somewhere a long way away and enjoyed it sensibly for a year or three, before even thinking of trying it again! You get lucky once, maybe twice, but the likes of Bonny & Clyde and Jessie James are a long time ago and the modern world mean the chances of being tracked down are so much greater that luck is something that definitely won't last.

  8. Cynic_999

    The person who received the longest sentence will probably spend 4 years actually inside prison. Meanwhile the main members got away with about £250000 each (that we know about - I doubt it was their very first criminal enterprise). Meaning that in return for 4 years of their time, they've got away with over £60000 per year tax free - plus they get free accommodation and all living costs during the 4 years without needing to work, albeit in a very boring environment. To equal that level of income legitimately you'd have to be earning at least £100000 p.a.

    And people think crime doesn't pay?

  9. Anonymous Coward
    Anonymous Coward

    this is exactly why i dont use online banking

    1. Anonymous Coward
      Anonymous Coward

      For a comedy post, you need more content. None of this had anything to do with online banking..

      1. Dig

        ugh.

        "None of this had anything to do with online banking.."

        Isn't that the joke?

  10. Stoneshop

    KVM devices, which can cost as little as £10, allow multiple computers to share the same keyboard, mouse, monitor and more;

    Having the bank employee's mouse and keyboard connected to the crim's device won't achieve much, except maybe capturing the screen unlock password. But what they actually must have used is something that could duplicate keyboard, mouse and screen and send it out over the 3G dongle. That's not a simple UKP10 KVM switch.

    The bank I bank with that still has brick and mortar presence uses keyboards that need a smartcard to unlock the computer, and every employee I've seen removes the card when they move away from the computer. Connecting a KVM thingie the computer won't see the smartcard if they've taken over the machine remotely. Can probably be bypassed too given dedicated hardware, but it's another hurdle.

    1. Anon5000

      The card swipe slot is on the keyboard so one would assume the data read from the card is pushed down the keyboards cable which is attached to the IP KVM switch. Probably not encrypted en-route but even if it was, there is a possibility that it doesn't matter as I suspect some sort of Port Replay was used. Just re-sent the data that had been sent previously through that keyboard port when a employee used the card to unlock the screen, which simulated the card swipe.

      1. Stoneshop

        They're smart cards, not swipe cards

This topic is closed for new posts.

Other stories you might like